MIT krb5 has no "site" support.

Jeremy Allison jra at
Thu Aug 31 21:34:00 EDT 2006

On Thu, 31 Aug 2006 12:22:47 -0700, Donn Cave wrote:

> Custom krb5.conf isn't very elegant, but apart from that, would you agree
> that this fits in the general area of configuration data from alternate
> sources?
> I mean, it seems like it would be better to use the existing configurable
> library parameters if possible, rather than add to what's already a fairly
> complex configuration diagram. Would something like the following be an
> improvement?
>    include "k5-int.h"
>    const char *kdc[4] = {"realms", 0, "kdc", 0};
>    kdc[1] = this_realm;
>    err = profile_clear_relation(kcontext->profile, kdc);
>    err = profile_add_relation(kcontext->profile, kdc, localkdc);

Interesting - are you saying there's already a way in 1.5.x
to do this ? I can create a context then manipulate the
KDC -> IP address association in it ? I notice you're
using k5-int.h - I take it this is an internal only API.

I'm happy to be able to do this at all rather than having
to create custom krb5.conf files, so I'm not complaining,
just trying to learn more.



More information about the Kerberos mailing list